How severe is CVE-2024-36540?

CVE-2024-36540 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-36540

Name: external_secrets_operator
Author: external-secrets

9.8CRITICAL

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

Опубликовано: 7/24/2024Обновлено: 6/27/2025

Описание

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

ИИ-АнализНа базе ИИ

Затронутые продукты

external-secretsexternal_secrets_operator

0.9.16

Ссылки

https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a
Third Party Advisory
https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a
Third Party Advisory